System and method of opportunistically protecting a computer from malware

1. A method performed on a local computer that includes antivirus software, the method for closing a vulnerability on the local computer, the method comprising: in response to the antivirus software detecting a presence of malware on the local computer, determining whether to request a remote computer associated with a trusted entity to identify a vulnerability exploited by the malware detected by the antivirus software on the local computer; in response to determining that the remote computer is to be requested: generating a dump file that contains current memory contents of the local computer, including the dump file in a request, transmitting the request to the remote computer associated with the trusted entity that provides a service that identifies vulnerabilities on behalf of other computers, the request comprising malware information identifying the malware detected by the antivirus software on the local computer, causing, in response to the transmitted request, the remote computer to match the memory contents of the local computer as recorded in the dump file to a malware and the vulnerability exploited by the malware, and receiving, from the remote computer associated with the trusted entity, in response to the transmitted request, vulnerability information identifying the vulnerability; in response to determining that the remote computer is not to be requested, identifying, based on information accessible to the local computer, the vulnerability; obtaining a software update from the trusted entity, the software update being designed to close the vulnerability; and causing the software update to be installed on the local computer.

2. The method as recited in claim 1 , wherein the software update is obtained from the trusted entity using a client-based software update system designed to identify software updates that need to be installed on the local computer after performing an analysis of at least some configuration of the local computer.

3. The method as recited in claim 1 , wherein the software update is obtained from the trusted entity through a Web service that links the local computer to the software update.

4. The method as recited in claim 1 , wherein the software update is installed automatically without requiring input from the user.

5. The method of claim 1 , further comprising querying a database that stores at least one first identifier for the vulnerability in association with at least one second identifier for one or more malware which exploits the vulnerability.

6. At least one computer-readable storage device storing computer-executable instructions that, when executed by a local computer that includes antivirus software, cause the local computer to perform actions for closing a vulnerability on the local computer, the actions comprising: in response to the antivirus software identifying malware on the local computer, determining whether to request a remote computer to identify a vulnerability exploited by the malware detected by the antivirus software on the local computer; in response to determining that the remote computer is to be requested: generating a dump file that contains current memory contents of the local computer, including the dump file in a request, transmitting the request to the remote computer, the request comprising malware information identifying the malware detected by the antivirus software on the local computer, causing, in response to the transmitted request, the remote computer to match the memory contents of the local computer as recorded in the dump file to a malware and the vulnerability exploited by the malware, and receiving, from the remote computer in response to the transmitted request, vulnerability information identifying the vulnerability; in response to determining that the remote computer is not to be requested, identifying the vulnerability; obtaining a software update from a trusted entity, the software update being designed to close the vulnerability; and causing the software update to be installed on the local computer.

7. The at least one computer-readable storage device as recited in claim 6 , wherein the remote computer provides a Web service and the request transmitted to the remote computer is a Web request.

8. The at least one computer-readable storage device as recited in claim 6 , wherein the software update is obtained from the trusted entity using a client-based software update system designed to identify software updates that need to be installed on the local computer after identifying at least some configuration of the local computer.

9. The at least one computer-readable storage device as recited in claim 6 , wherein the software update is obtained from the trusted entity through a Web service that links the local computer to the software update using a Web page.

10. The at least one computer-readable storage device as recited in claim 6 , wherein the software update is installed automatically without requiring input from the user.

11. The at least one computer-readable storage device of claim 6 , wherein the method further comprises querying a database that stores at least one first identifier for the vulnerability in association with at least one second identifier for one or more malware which exploits the vulnerability.

12. A first computer and at least one program module together configured for performing actions for closing a vulnerability on the first computer, the first computer comprising a memory, the actions comprising: executing antivirus software configured for identifying data on the first computer that is characteristic of malware; determining whether to request a remote computer to identify a vulnerability exploited by malware detected by the antivirus software on the first computer; in response to determining that the remote computer is to be requested: generating a dump file that contains current memory contents of the first computer, including the dump file in a request, transmitting a request to the remote computer, the request comprising malware information identifying the malware detected by the antivirus software on the first computer, causing, in response to the transmitted request, the remote computer to match the memory contents of the first computer as recorded in the dump file to a malware and the vulnerability exploited by the malware, and receiving, from the remote computer in response to the transmitted request, vulnerability information identifying the vulnerability; in response to determining that the remote computer is not to be requested, identifying the vulnerability on the first computer at least in part by accessing, based at least in part on the malware detected by the antivirus software on the first computer, a local data store that stores at least one first identifier for a vulnerability in association with at least one second identifier for malware that exploits the vulnerability; determining whether a software update is available from a trusted entity to close the vulnerability; in response to the determining that the software update is available from the trusted entity, causing the software update to be installed on the first computer; and in response to the determining that the software update is not available from the trusted entity, reporting to the trusted entity that no software updates are available to close the vulnerability.

13. The system as recited in claim 12 , the actions further comprising using a software update system to obtain the software update from the trusted entity by issuing an application programming interface call to the software update system.